Sign-up

ID

VAR-201803-0167


CVE

CVE-2017-17282


TITLE

plural Huawei Product buffer error vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-012817

DESCRIPTION

SCCP (Signalling Connection Control Part) module in Huawei DP300 V500R002C00, RP200 V500R002C00, V600R006C00, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C10, V500R002C00, V600R006C00 has a buffer overflow vulnerability. An attacker has to find a way to send malformed packets to the affected products repeatedly. Due to insufficient input validation, successful exploit may cause some service abnormal. plural Huawei The product contains a buffer error vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. The Huawei DP300, RP200, and TE series are integrated desktop telepresence and integrated video conferencing terminal products of China Huawei. The Huawei DP300 and others are all products of China's Huawei (Huawei). DP300 is a video conferencing terminal. RP200 is a video conferencing all-in-one device. The following products and versions are affected: Huawei DP300 V500R002C00 Version; RP200 V500R002C00 Version, V600R006C00 Version; TE30 V100R001C10 Version, V500R002C00 Version, V600R006C00 Version; TE40 V500R002C00 Version, V600R006C00 Version; TE50 V500R002C00 Version, V600R006C00 Version; TE60 V100R001C10 Version, V500R002C00 Version, Version V600R006C00

Trust: 2.34

sources: NVD: CVE-2017-17282 // JVNDB: JVNDB-2017-012817 // CNVD: CNVD-2018-03824 // VULHUB: VHN-108289 // VULMON: CVE-2017-17282

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-03824

AFFECTED PRODUCTS

vendor:huaweimodel:te40scope:eqversion:v600r006c00

Trust: 1.6

vendor:huaweimodel:te50scope:eqversion:v500r002c00

Trust: 1.6

vendor:huaweimodel:te30scope:eqversion:v100r001c10

Trust: 1.6

vendor:huaweimodel:te30scope:eqversion:v500r002c00

Trust: 1.6

vendor:huaweimodel:dp300scope:eqversion:v500r002c00

Trust: 1.6

vendor:huaweimodel:rp200scope:eqversion:v500r002c00

Trust: 1.6

vendor:huaweimodel:te40scope:eqversion:v500r002c00

Trust: 1.6

vendor:huaweimodel:te60scope:eqversion:v600r006c00

Trust: 1.6

vendor:huaweimodel:te30scope:eqversion:v600r006c00

Trust: 1.6

vendor:huaweimodel:rp200scope:eqversion:v600r006c00

Trust: 1.6

vendor:huaweimodel:te60scope:eqversion:v500r002c00

Trust: 1.0

vendor:huaweimodel:te50scope:eqversion:v600r006c00

Trust: 1.0

vendor:huaweimodel:te60scope:eqversion:v100r001c10

Trust: 1.0

vendor:huaweimodel:dp300scope: - version: -

Trust: 0.8

vendor:huaweimodel:rp200scope: - version: -

Trust: 0.8

vendor:huaweimodel:te30scope: - version: -

Trust: 0.8

vendor:huaweimodel:te40scope: - version: -

Trust: 0.8

vendor:huaweimodel:te50scope: - version: -

Trust: 0.8

vendor:huaweimodel:te60scope: - version: -

Trust: 0.8

vendor:huaweimodel:dp300 v500r002c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:te60 v100r001c10scope: - version: -

Trust: 0.6

vendor:huaweimodel:te60 v500r002c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:te60 v600r006c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:rp200 v500r002c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:rp200 v600r006c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:te30 v100r001c10scope: - version: -

Trust: 0.6

vendor:huaweimodel:te30 v500r002c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:te30 v600r006c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:te40 v500r002c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:te40 v600r006c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:te50 v500r002c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:te50 v600r006c00scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2018-03824 // JVNDB: JVNDB-2017-012817 // CNNVD: CNNVD-201803-275 // NVD: CVE-2017-17282

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-17282
value: LOW

Trust: 1.0

NVD: CVE-2017-17282
value: LOW

Trust: 0.8

CNVD: CNVD-2018-03824
value: LOW

Trust: 0.6

CNNVD: CNNVD-201803-275
value: LOW

Trust: 0.6

VULHUB: VHN-108289
value: LOW

Trust: 0.1

VULMON: CVE-2017-17282
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2017-17282
severity: LOW
baseScore: 2.9
vectorString: AV:A/AC:M/AU:N/C:N/I:N/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 5.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2018-03824
severity: LOW
baseScore: 1.8
vectorString: AV:A/AC:H/AU:N/C:N/I:N/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 3.2
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-108289
severity: LOW
baseScore: 2.9
vectorString: AV:A/AC:M/AU:N/C:N/I:N/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 5.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-17282
baseSeverity: LOW
baseScore: 3.1
vectorString: CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector: ADJACENT
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: 1.6
impactScore: 1.4
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2018-03824 // VULHUB: VHN-108289 // VULMON: CVE-2017-17282 // JVNDB: JVNDB-2017-012817 // CNNVD: CNNVD-201803-275 // NVD: CVE-2017-17282

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-108289 // JVNDB: JVNDB-2017-012817 // NVD: CVE-2017-17282

THREAT TYPE

specific network environment

Trust: 0.6

sources: CNNVD: CNNVD-201803-275

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201803-275

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-012817

PATCH
title:huawei-sa-20180228-01-sccpurl:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180228-01-sccp-en
Trust: 0.8
title:Patches for multiple Huawei product SCCP module buffer overflow vulnerabilitiesurl:https://www.cnvd.org.cn/patchInfo/show/119249
Trust: 0.6
title:Multiple Huawei product Signalling Connection Control Part Fixes for module buffer error vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79003
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2018-03824 // 
            
            
            
            JVNDB: JVNDB-2017-012817 // 
            
            
            
            CNNVD: CNNVD-201803-275

EXTERNAL IDS
db:NVDid:CVE-2017-17282
Trust: 3.2
db:JVNDBid:JVNDB-2017-012817
Trust: 0.8
db:CNVDid:CNVD-2018-03824
Trust: 0.6
db:CNNVDid:CNNVD-201803-275
Trust: 0.6
db:VULHUBid:VHN-108289
Trust: 0.1
db:VULMONid:CVE-2017-17282
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2018-03824 // 
            
            
            
            VULHUB: VHN-108289 // 
            
            
            
            VULMON: CVE-2017-17282 // 
            
            
            
            JVNDB: JVNDB-2017-012817 // 
            
            
            
            CNNVD: CNNVD-201803-275 // 
            
            
            
            NVD: CVE-2017-17282

REFERENCES
url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180228-01-sccp-en
Trust: 1.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-17282
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-17282
Trust: 0.8
url:http://www.huawei.com/cn/psirt/security-advisories/2018/huawei-sa-20180228-01-sccp-cn
Trust: 0.6
url:https://cwe.mitre.org/data/definitions/119.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2018-03824 // 
            
            
            
            VULHUB: VHN-108289 // 
            
            
            
            VULMON: CVE-2017-17282 // 
            
            
            
            JVNDB: JVNDB-2017-012817 // 
            
            
            
            CNNVD: CNNVD-201803-275 // 
            
            
            
            NVD: CVE-2017-17282

SOURCES
db:CNVDid:CNVD-2018-03824
db:VULHUBid:VHN-108289
db:VULMONid:CVE-2017-17282
db:JVNDBid:JVNDB-2017-012817
db:CNNVDid:CNNVD-201803-275
db:NVDid:CVE-2017-17282

LAST UPDATE DATE
2024-11-23T23:12:14.223000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2018-03824date:2018-02-28T00:00:00
db:VULHUBid:VHN-108289date:2018-03-27T00:00:00
db:VULMONid:CVE-2017-17282date:2018-03-27T00:00:00
db:JVNDBid:JVNDB-2017-012817date:2018-04-19T00:00:00
db:CNNVDid:CNNVD-201803-275date:2018-03-13T00:00:00
db:NVDid:CVE-2017-17282date:2024-11-21T03:17:44.700

SOURCES RELEASE DATE
db:CNVDid:CNVD-2018-03824date:2018-02-28T00:00:00
db:VULHUBid:VHN-108289date:2018-03-09T00:00:00
db:VULMONid:CVE-2017-17282date:2018-03-09T00:00:00
db:JVNDBid:JVNDB-2017-012817date:2018-04-19T00:00:00
db:CNNVDid:CNNVD-201803-275date:2018-03-13T00:00:00
db:NVDid:CVE-2017-17282date:2018-03-09T21:29:00.627